Products & Services
Support

Product Categories


Popular Downloads


Manage Software

How to Buy

For Home

Linksys Products Store
Linksys is now part of Belkin
Products for everyone

All Ordering Options

Training & Events Partners
Guest

IPS Signatures

JRE Deserialization Vulnerability

 
Signature ID: 17998/0
Original Release:S403
Release:S628 (download)
Original Release Date:2009 May 21
Latest Release Date:2012 February 25
Default Enabled:False
Default Retired:True
Alarm Severity:High
Fidelity:95 

Description

This signature fires on an attempt to exploit a JRE deserialization vulnerability.Successful exploitation of this issue will result in the attacker gaining java code execution at a privilege level of the invoking user of the browser.From this code the attacker is able to bypass the JRE sandbox and gain full code execution on the machine.

Recommended Filter

There are no suggested filters.

Benign Triggers

There are no known benign triggers.

IntelliShield Alerts

IntelliShield ID Headline VersionCVSS ScoreLast Published
17203Multiple Vendor Java Runtime Environment Malformed Calendar Object Processing Applet Privilege Escalation Vulnerability149.3/7.72010 February 10 19:35 GMT

Download

To download this and other IPS update files, please go to Cisco Secure Software Download.

LEGAL DISCLAIMER
THE INFORMATION ON THIS PAGE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION CONTAINED HEREIN, OR MATERIALS LINKED FROM THE DOCUMENT, IS AT YOUR OWN RISK. INFORMATION IN THIS DOCUMENT AND ANY RELATED COMMUNICATIONS IS BASED ON OUR KNOWLEDGE AT THE TIME OF PUBLICATION AND IS SUBJECT TO CHANGE WITHOUT NOTICE. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.
Powered by  IntelliShield